312-50V11 · Question #207
In both pharming and phishing attacks an attacker can create websites that look similar to legitimate sites with the intent of collecting personal identifiable information from its victims. What is th
The correct answer is B. In a pharming attack a victim is redirected to a fake website by modifying their host configuration. Pharming redirects victims to fake websites by manipulating DNS or host configuration, while phishing uses deceptive messages to trick users into visiting fake sites.
Question
In both pharming and phishing attacks an attacker can create websites that look similar to legitimate sites with the intent of collecting personal identifiable information from its victims. What is the difference between pharming and phishing attacks?
Options
- ABoth pharming and phishing attacks are identical.
- BIn a pharming attack a victim is redirected to a fake website by modifying their host configuration
- CIn a phishing attack a victim is redirected to a fake website by modifying their host configuration
- DBoth pharming and phishing attacks are purely technical and are not considered forms of social
How the community answered
(47 responses)- A2% (1)
- B87% (41)
- C9% (4)
- D2% (1)
Why each option
Pharming redirects victims to fake websites by manipulating DNS or host configuration, while phishing uses deceptive messages to trick users into visiting fake sites.
Pharming and phishing are distinct attack vectors - pharming is DNS or host-level manipulation while phishing is a social engineering technique using deceptive communications.
In a pharming attack, an attacker poisons the victim's DNS cache, modifies the local hosts file, or compromises a DNS server so that a legitimate domain resolves to a malicious IP address. This redirection occurs transparently without requiring the victim to click a deceptive link. This distinguishes pharming from phishing, which relies on social engineering via emails or messages containing malicious links.
Phishing does not modify host configuration; it relies on deceptive links in emails or messages to trick users into navigating to a fraudulent site voluntarily.
Both attacks can incorporate social engineering elements, and phishing in particular is primarily a social engineering attack, making this characterization incorrect.
Concept tested: Differentiating pharming and phishing attack mechanisms
Source: https://www.cisa.gov/news-events/news/avoiding-social-engineering-and-phishing-attacks
Topics
Community Discussion
No community discussion yet for this question.